Solved: How to apply timerange 1 day before and one day af...

VatsalJagani · ‎10-18-2018

How to apply timerange on a panel that is one day earlier and 1 day after the selected timeline on timerange?

Here is my approach which is not working, I have no idea why?

<form>
  <label>Test Dashboard</label>
  <fieldset submitButton="false">
    <input type="time" token="timerange_1">
      <label></label>
      <default>
        <earliest>0</earliest>
        <latest></latest>
      </default>
      <change>
        <eval token="timerange_earliest">tonumber(if($timerange_1.earliest|s$=="now", now(), relative_time(now(), $timerange_1.earliest|s$)))-43200*2</eval>
        <eval token="timerange_latest">tonumber(if($timerange_1.latest|s$=="now", now(), relative_time(now(), $timerange_1.latest|s$)))+43200*2</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal | timechart count</query>
          <earliest>$timerange_earliest$</earliest>
          <latest>$timerange_latest$</latest>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
      </chart>
    </panel>
  </row>
</form>

One more thing here is this is expected to work only with relative values, like - "-7d@h", but will not work if timerange is selected like in-between or absolute (epoch time), please give solution if possible to handle both the case.

kamlesh_vaghela · ‎10-18-2018

@VatsalJagani

Can you please try this?

<form>
   <label>Test Dashboard</label>
   <fieldset submitButton="false">
     <input type="time" token="timerange_1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
   </fieldset>
   <row>
     <panel>
       <chart>
         <search>
           <query>index=_internal [| makereults | addinfo | eval earliest=if(info_min_time=0,0,info_min_time-(246060) | eval latest=if(info_max_time="","",info_max_time+(246060) | return earliest, latest] | timechart count</query>
           <earliest>$timerange_1.earliest$</earliest>
           <latest>$timerange_1.latest$</latest>
         </search>
         <option name="charting.chart">line</option>
         <option name="charting.drilldown">all</option>
       </chart>
     </panel>
   </row>
 </form>

Thanks

View solution in original post

kamlesh_vaghela · ‎10-18-2018

@VatsalJagani

Can you please try this?

<form>
   <label>Test Dashboard</label>
   <fieldset submitButton="false">
     <input type="time" token="timerange_1">
       <label></label>
       <default>
         <earliest>0</earliest>
         <latest></latest>
       </default>
     </input>
   </fieldset>
   <row>
     <panel>
       <chart>
         <search>
           <query>index=_internal [| makereults | addinfo | eval earliest=if(info_min_time=0,0,info_min_time-(246060) | eval latest=if(info_max_time="","",info_max_time+(246060) | return earliest, latest] | timechart count</query>
           <earliest>$timerange_1.earliest$</earliest>
           <latest>$timerange_1.latest$</latest>
         </search>
         <option name="charting.chart">line</option>
         <option name="charting.drilldown">all</option>
       </chart>
     </panel>
   </row>
 </form>

Thanks

HiroshiSatoh · ‎10-18-2018

Is this not good?

  <chart>
    <search>
      <query>index=_internal | timechart count</query>
      <earliest>$timerange_1.earliest$-1d</earliest>
      <latest>$timerange_1.latest$+1d</latest>
    </search>

VatsalJagani · ‎10-18-2018

Chart is showing error: Invalid latest_time: latest_time must be after earliest_time.
When I try to open in search, attempt failed and JS error is shown in the console - Uncaught TypeError: Cannot read property 'earliestTime' of undefined.

How to apply timerange 1 day before and one day after then the selected one?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases